Docker Networking - Project: Created a default network for a two-tier application

Types of Network

  • Default Bridge

  • Custom Bridge network

  • Host network

  • MAC VLAN network

  • None network

  • Overlay network

ip address show: to view all the IP addresses

Loopback network: the network used to run anything locally (e.g. localhost)

Ethernet: to connect with the outside (e.g. shows the IP of the Wi-Fi network the machine is attached to)

sudo apt install docker.io: to install docker

ip address show: to show the IP addresses again (a new docker0 interface has been added, which docker uses)

  • How to resolve the permission denied error while using docker?

  • Error: occurs when running docker ps (to view all the running containers)

Resolved error:

sudo usermod -aG docker $USER: to add the current user to the docker group, which gives permission to access docker. Members of the docker group effectively have root access to the host, so add only trusted users.

sudo reboot: To reboot the system

  • The default types of network when installing docker:

docker network ls: to list the networks in docker

  • Default Bridge:

  • By default, this network is used by the container to access the outside, and when the outside world wants to connect to the container we have to expose (publish) the port of the container.

docker run -d --name nginx nginx: To run the image nginx in detached/background with the name given nginx

docker ps: To view all the running container

docker inspect bridge: to view all the information of the bridge network(by default network)

-> It shows the bridge network has got a container named nginx with "172.17.0.2/16"

-> Copy the IP address from the EC2 instance and paste it into the browser; it still won't connect, as the container has not published a port through which the outside world can reach it.

Resolution:

-> We have to map port 80 of the docker container to port 80 of the host.

docker ps: To view all the running containers

docker kill 58cd11fc248f: to stop the container

docker rm 58cd11fc248f: to remove the container

docker run -d --name nginx -p 80:80 nginx -> to run the nginx image with port 80 of the container mapped to port 80 of the host, which makes the container reachable from the outside world.

docker ps: to view the running containers

-> Now, copy-paste the IP address into the browser; the Nginx container is reachable from the outside world through the default bridge network.

  • Host network

    docker ps: to view all the running container

    docker kill 4da7955ab07a: to stop the container

    docker rm 4da7955ab07a: to remove the container

    -> Now, create a new container attached to the host network instead of the default bridge network

    docker run -d --name nginx --network host nginx: to make a container of nginx with the host network

    NOTE: In the case of the bridge, we have to map port 80 of the container to port 80 of the host for it to be reachable from the internet, but when using the host network in place of the bridge, the container is directly connected to the host. It shares the host's network stack, so every port it listens on is open on the host without any -p mapping.

Interview question: Why does the bridge network container have an IP address but the host network container doesn't?

  • The host network container doesn't have an IP address of its own, as it works on the IP address of the host (the computer system).

  • Custom Bridge

    docker network create custone-bridge: to create a custom network bridge(custom bridge has been created)

    docker network ls: To view all the docker networks

    docker ps: to view all the running container

    docker kill nginx: to stop the container

    docker rm nginx: to remove the container

    (Now, no container is running)

docker run -d --name nginx-def nginx: to create a container of nginx with the name nginx-def using the default bridge.

docker run -d --name nginx-cus1 --network custone-bridge nginx: to create an nginx container with the name nginx-cus1 using a user-defined bridge named custone-bridge

docker run -d --name nginx-cus2 --network custone-bridge nginx: to create a second container, nginx-cus2, using the user-defined custone-bridge

docker inspect custone-bridge: to view all information about the user-defined bridge (custone-bridge is used by nginx-cus1 and nginx-cus2, and both containers can connect to each other as they are using the same network)

  • Project- created default network for two-tier applications using docker.

git clone github.com/ManishNegi963/microservices-k8s...

(copying the application locally)

cat Dockerfile: to view the data in the file

docker build . -t pythn-image: To create an image from Dockerfile in the current directory

docker network create my-bridge: to create a user-defined network for docker

docker network ls: to view all the docker network

docker run -d -p 5000:5000 --name python-ctr --network my-bridge pythn-image: to create a container from pythn-image using my-bridge (the user-defined network)

-> This container is using user-defined docker network my-bridge.

->Now, go to the ec2-instance -> security group-> inbound rule->add rule->port 5000 from anywhere ipv4->save.

-> This allows anyone, from anywhere, to reach the EC2 instance on port 5000 using its IP address.

-> Copy the IP address with port 5000 and you will get the below message running.

  • creating a container in a user-defined network

docker run -d --name nginx-cus-1 --network my-bridge nginx: to make another container using the docker user-defined network my-bridge named as nginx-cus-1

  • creating a container in a user-defined network

docker run -d --name nginx-cus-2 --network my-bridge nginx: to create a container nginx-cus-2 using docker user-defined network my-bridge

  • creating a container in the default docker network

docker run -d --name nginx-def nginx: to create a container nginx-def using the default docker network bridge

docker ps: to view all the running container

docker exec -it baba763459be sh: to go inside and interact with the container

-> ping google.com: to check if the container is able to access the internet through the user-defined network my-bridge

-> ping nginx-cus-1: to check if python-ctr is able to connect with another container, nginx-cus-1, on the same user-defined network my-bridge

-> ping nginx-cus-2: to check if python-ctr is able to connect with another container, nginx-cus-2, on the same user-defined network my-bridge

IMPORTANT => ping nginx-def: to check if python-ctr is able to connect with nginx-def. It is not, as the two are not on the same network: python-ctr is using the user-defined network my-bridge and nginx-def is using the default bridge, which isolates them from each other.

  • connecting the mongo database container to the python application container

docker run -d --name mongo mongo: to create a container of mongo db

docker ps: to view all the running container

-> The app.py file states that entering the IP address followed by /tasks opens a new page.

-> Go to the EC2 instance and enter the IP address with port 5000/tasks.

=> The IP address won't connect with /tasks, as the mongo container is using the default bridge network and the Python application is using a user-defined bridge (my-bridge).

docker logs python-ctr: to check the logs of the Python app (the application and the mongo db are running on different networks)

-> Now, stop the Mongo container and make a new container on the user-defined my-bridge network to connect the Python app container to the Mongo db container.

docker run -d --name mongo --network my-bridge mongo: to create a mongo container using the my-bridge docker network

docker inspect my-bridge: to view information about the network

-> In the my-bridge network, we have python-ctr as well as mongo

-> The IP address with /tasks now works, as both containers are using the same user-defined network my-bridge
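An added example (not from the original post or its repository) covering both the ping test and the mongo fix above: a Python check over `docker inspect $(docker ps -q)` output that reports, for each pair of containers, whether they can reach each other by name, by IP only, or not at all, and which containers publish a port on all host interfaces. The JSON is a constructed sample modelled on the containers created in this project; the IP addresses and the function names are assumptions.

```python
import json

# Constructed sample: trimmed `docker inspect $(docker ps -q)` output for the
# containers built on this page (IP addresses are illustrative).
SAMPLE = json.loads("""[
 {"Name": "/python-ctr", "NetworkSettings": {"Networks": {"my-bridge": {"IPAddress": "172.18.0.2"}},
   "Ports": {"5000/tcp": [{"HostIp": "0.0.0.0", "HostPort": "5000"}]}}},
 {"Name": "/nginx-cus-1", "NetworkSettings": {"Networks": {"my-bridge": {"IPAddress": "172.18.0.3"}},
   "Ports": {"80/tcp": null}}},
 {"Name": "/mongo", "NetworkSettings": {"Networks": {"my-bridge": {"IPAddress": "172.18.0.4"}},
   "Ports": {"27017/tcp": null}}},
 {"Name": "/nginx-def", "NetworkSettings": {"Networks": {"bridge": {"IPAddress": "172.17.0.2"}},
   "Ports": {"80/tcp": null}}}
]""")

BUILTIN = {"bridge", "host", "none"}  # networks Docker creates on install

def reachability(a, b):
    """How container a reaches b directly: 'name', 'ip-only', 'host' or 'isolated'."""
    shared = set(a["NetworkSettings"]["Networks"]) & set(b["NetworkSettings"]["Networks"])
    if shared - BUILTIN:
        return "name"      # user-defined network: Docker's embedded DNS resolves names
    if "bridge" in shared:
        return "ip-only"   # default bridge: same subnet, but no name resolution
    if "host" in shared:
        return "host"      # both share the host's network stack
    return "isolated"      # no common network, e.g. my-bridge vs. default bridge

def published_to_all(c):
    """Host ports bound to every interface, which is what `-p 5000:5000` does."""
    ports = c["NetworkSettings"]["Ports"] or {}
    return sorted({f"{b['HostPort']}->{cport}" for cport, binds in ports.items()
                   for b in (binds or []) if b["HostIp"] in ("0.0.0.0", "::")})

def audit(containers):
    """Return (pairwise reachability, containers with ports open on all interfaces)."""
    named = {c["Name"].lstrip("/"): c for c in containers}
    pairs = {(a, b): reachability(named[a], named[b])
             for a in named for b in named if a < b}
    exposed = {n: p for n, c in named.items() if (p := published_to_all(c))}
    return pairs, exposed

if __name__ == "__main__":
    pairs, exposed = audit(SAMPLE)
    for (a, b), how in sorted(pairs.items()):
        print(f"{a:12} <-> {b:12} {how}")
    print("published on all host interfaces:", exposed)
```

On a live host, replace SAMPLE with the parsed output of `docker inspect $(docker ps -q)`; a database container such as mongo should show up as reachable by name from the application and absent from the exposed list.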

None network

  • docker run -d --name nginx-none --network none nginx: to create an nginx container using the none network

    The container gets only a loopback interface, so it is isolated from every other network; it is used for dummy data.

Overlay network:

The overlay network driver creates a distributed network among multiple Docker daemon hosts. This network sits on top of (overlays) the host-specific networks, allowing containers connected to it (including swarm service containers) to communicate securely when encryption is enabled.

docker network create --driver=overlay my-overlay-network

docker service create --network=my-overlay-network my-service

Macvlan network:

It allows containers to have a MAC address assigned to them directly. It is useful when containers require direct Layer 2 network access or when you want to connect containers directly to the external network.

docker network create -d macvlan --subnet=<subnet> --gateway=<gateway> -o parent=<network-interface> my-macvlan-network

docker run --network=my-macvlan-network my-container